
WO2007036160A1 - Apparatus, system and method for implementing communication between a client and a server - Google Patents

Apparatus, system and method for implementing communication between a client and a server

Info

Publication number
WO2007036160A1
WO2007036160A1 PCT/CN2006/002574 CN2006002574W WO2007036160A1 WO 2007036160 A1 WO2007036160 A1 WO 2007036160A1 CN 2006002574 W CN2006002574 W CN 2006002574W WO 2007036160 A1 WO2007036160 A1 WO 2007036160A1
Authority
WO
WIPO (PCT)
Prior art keywords
port
server
transit
component
address
Prior art date
Application number
PCT/CN2006/002574
Other languages
English (en)
Chinese (zh)
Inventor
Tao Jiang
Weihua Chen
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Priority date
Filing date
Publication date
Application filed by Tencent Technology (Shenzhen) Company Limited
Priority to BRPI0616627-0A
Publication of WO2007036160A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/2514 Translation of Internet protocol [IP] addresses between local and global IP addresses
    • H04L61/256 NAT traversal

Definitions

  • the present invention relates to network information interaction technologies, and in particular to an apparatus, system and method for implementing communication between a client and a server.
  • Background of the invention
  • the forwarding devices mainly refer to Network Address Translation (NAT) devices, proxies and firewalls.
  • the target server dynamically allocates a communication port with the client main application component
  • the target server and the client main application component dynamically negotiate the communication ports of the two parties
  • TCP or UDP communication ports between the target server and the client main application component are required during a complete communication process
  • the communication protocols used are relatively complex.
  • the communication protocols commonly used in these applications are H.323, Session Initiation Protocol (SIP), Media Gateway Control Protocol (MGCP) and H.248/MeGaCo; such complex protocols are generally not supported on forwarding devices, and thus may hinder end-to-end communication between the main application component and the target server.
  • the interaction method of some complex communication protocols (such as the H.323 protocol) is as follows: in a packet sent by the client main application component to the target server, besides the source/destination IP address and port carried in the packet header, the data part of the packet also includes the source IP address and port. After receiving the packet, the target server parses the source IP address and port from the data part of the packet, and returns a response packet to the parsed IP address and port.
  • This interaction method requires the client main application component to be directly connected to the target server to communicate normally;
  • the network environment in which the application is located is diversified, and the network settings are not allowed or difficult to change;
  • the target server is relatively fixed, directly on the Internet
  • the forwarding device introduced between the private network and the Internet is a firewall, and the firewall restricts the communication port, and generally only opens a limited number of ports.
  • the port is dynamically allocated during the communication between the client main application component and the target server, and the communication port is dynamically changed, and is easily allocated to a port that is not open to the firewall, thus easily causing communication failure;
  • the client main application component and the target server may negotiate multiple communication ports, while the firewall opens only a limited number of ports and its port configuration is difficult to change, so it is difficult for the messages to pass through open communication ports; ordinary users often find it difficult or impossible to change the network settings, so it is difficult for these applications to communicate through the firewall.
  • the forwarding device introduced between the private network and the Internet is a NAT/proxy server
  • the IP address of the client's main application component is the IP address of the private network.
  • the client main application component and the target server interact with each other using a complex communication protocol (such as H.323, SIP, MGCP, H.248/MeGaCo, etc.) having the above characteristic 4.
  • the packet sent by the client main application component to the target server first arrives at the NAT/proxy server, and the NAT/proxy server converts the source IP address and port in the packet header into the NAT IP address and port and sends the packet to the target server.
  • the target server parses the source IP address and port from the packet data part, and returns a response message to that source IP address and port; however, the source IP address and port included in the data part are not an IP address and port on the public network but the IP address and port on the client's private network. Therefore, the returned response packets are not routed to the correct destination IP address and port, and thus cannot reach the client's main application component, causing communication failure.
  • the protocol adopted by the above main application component is a protocol that requires end-to-end communication, and does not support a proxy protocol that interacts through the proxy server, so the client's main application component cannot communicate with the proxy server. It is even more incapable of communicating with the target server through the proxy server.
  • the main purpose of the present invention is to provide a device and a communication system for implementing communication between a client and a server, so that when a forwarding device is introduced between a client and a server, the interaction information can pass through the forwarding device and normal communication can take place.
  • the present invention discloses a device for implementing communication between a client and a server, and is applied to a communication system including a client, a server, and a forwarding device between the two;
  • the device comprises: a transit component, which establishes, with the transit server, a dedicated channel that penetrates the forwarding device, establishes a communication connection between itself and the client, and establishes, with the transit server, a logical channel based on the dedicated channel between the client and the server;
  • the transit server establishes a dedicated channel that penetrates the forwarding device with the transit component, establishes a communication connection between itself and the server, and establishes a logical channel based on the dedicated channel between the client and the server with the transit component .
  • the dedicated channel between the transit component and the transit server is a Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) communication connection that uses an open port of the forwarding device.
  • the transit server includes: a port allocation module, configured to receive a port request from a main application component and allocate a local port, and establish the reverse channel according to the port request and the local port.
  • the port allocation module includes: an allocation module for allocating a single TCP port, an allocation module for allocating a single UDP port, and an allocation module for allocating two consecutive UDP ports; each of these allocation modules receives a port request and assigns a local port of the corresponding type.
  • the device further includes: a conversion module for negotiated address ports, located in the transit component or the relay server, configured to parse the negotiation data packet sent by the client to the server and to translate the negotiated IP address and port of the client in the data portion of the packet into the IP address and port of the transit server for the current logical channel.
  • the invention also discloses a communication system, comprising: a client, a server and a forwarding device connected between the two; the client includes a main application component, and the server side includes at least one target server; the system further includes a transit component and a transit server;
  • the transit component establishes, with the transit server, a dedicated channel that penetrates the forwarding device, establishes a communication connection between itself and the main application component, and establishes, with the transit server, a logical channel based on the dedicated channel between the main application component and the target server;
  • the transit server establishes, with the transit component, a dedicated channel that penetrates the forwarding device, establishes a communication connection between itself and the target server, and establishes, with the transit component, a logical channel based on the dedicated channel between the main application component and the target server.
  • the invention further discloses a method for realizing communication between a client and a server, applied to a communication system comprising a client, a server and a forwarding device connected between the two; the method comprises: establishing, between the client and the server, a dedicated channel that penetrates the forwarding device; and, when the main application component of the client communicates with the target server of the server, establishing a logical channel based on the dedicated channel between the main application component and the target server and communicating over it.
  • establishing the dedicated channel that penetrates the forwarding device between the client and the server includes: setting a transit component on the client and a relay server on the server; the transit component and the transit server establish the dedicated channel
  • establishing the logical channel based on the dedicated channel between the main application component and the target server includes: the transit component establishes a communication connection between itself and the main application component, and the transit server establishes a communication connection between itself and the target server; the main application component, the transit component, the transit server and the target server each allocate their own communication ports and establish the correspondence among these communication ports, forming a logical channel.
  • the transit component and the relay server establish a dedicated channel-based logical channel between the main application component and the target server, including:
  • the main application component sends a port request carrying the IP address and port of the main application component and the IP address and port of the target server to the transit component;
  • the transit component encapsulates the port request using an internal protocol, forwards the encapsulated port request to the transit server through the dedicated channel, and locally allocates a forwarding interface for data forwarding; the transit server allocates the local port according to the received port request;
  • the transit server returns the established logical channel number, the IP address and port of the transit server, and the correspondence between the IP address and the port of the target server to the transit component through the dedicated channel, and the transit component establishes the correspondence among the logical channel number, the IP address and port of the main application component, the forwarding interface of the transit component, the IP address and port of the transit server, and the IP address and port of the target server;
  • the transit component and the relay server establish a dedicated channel-based logical channel between the main application component and the target server, including:
  • the main application component sends a port request to the transit component that carries the IP address and port of the main application component;
  • the transit component encapsulates the port request by using an internal protocol, forwards the encapsulated port request to the transit server through the dedicated channel, and locally allocates a forwarding interface for data forwarding; the transit server allocates the local port according to the received port request;
  • the main application component sends the IP address and port of the target server to the transit component and the transit server through communication data or notification;
  • the transit server establishes the correspondence among the logical channel number, the IP address and port of the transit server, and the IP address and port of the target server;
  • the transit server returns the established logical channel number, the IP address and port of the transit server, and the correspondence between the IP address and the port of the target server to the transit component, and the transit component establishes the logical channel number, the IP address of the main application component, and Port, transit component forwarding interface, IP address and port of the relay server, and the correspondence between the IP address and port of the target server;
  • the method further includes: when the main application component performs port negotiation with the target server, the relay server parses the negotiation data packet sent by the main application component to the target server, converts the negotiated IP address and port of the main application component in the data portion of the negotiation data packet into the IP address and port of the transit server of the logical channel, and sends the converted negotiation packet to the target server.
  • the logical channel corresponding to the dynamically allocated port or the dynamically negotiated port uses a dedicated channel to traverse the firewall, regardless of the number of ports allocated or negotiated.
  • the corresponding logical channel uses the dedicated channel to traverse the firewall, and the dedicated channel is a single Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) connection, and the port to which the application is applied is a port open by the firewall, which can be implemented.
  • the interaction protocol used is only a simple internal protocol, and is generally not hindered by the forwarding device, so that it can successfully penetrate the forwarding device to communicate.
  • when the forwarding device is a NAT/proxy server, because the interaction protocol between the transit component and the transit server is just a simple internal protocol, it does not need to return a response according to the source IP address and port included in the packet data part, as complex protocols such as H.323 and SIP do, but returns a response according to the source IP address and port in the packet header; the IP address and port in the header are converted by the NAT/proxy server, so the returned response can successfully penetrate the NAT/proxy server, enabling smooth communication between the main application component and the target server.
  • the forwarding device introduced between the private network and the Internet is a proxy server (for example, a proxy server such as HTTP/SOCKS4/SOCKS5)
  • the function of the proxy protocol is relatively easy to implement on the client's transit component, so even if the main application component does not support the proxy, the interaction information can still successfully penetrate the proxy server.
  • the invention does not need to make any changes to the hardware and software of the target server; in the case that the transit component or the relay server supports the same protocol as the main application component, the hardware and software of the main application component need not be changed; and there is no need to upgrade or replace the hardware and software of the NAT/proxy server/firewall, and generally no need to change the settings of the NAT/proxy server/firewall. Therefore, while successfully traversing the NAT/proxy server/firewall, the existing hardware and software resources can be retained to the greatest extent, and the implementation cost is low.
  • the solution adopted by the present invention has nothing to do with the communication protocol adopted by the main application component and the target server itself, and does not need to consider the complexity of the communication protocol, and is simple to implement.
  • the port request has traversed the forwarding device for communication, including "out" communication and "in" communication, so when communication is initiated from the public network to the private network, since the forwarding device has recorded the "outbound" communication from the private network to the public network and the logical channel has been established, the forwarding device does not hinder the communication from the public network to the private network through the logical channel.
  • FIG. 1 is a schematic structural view of an embodiment of the device according to the present invention
  • FIG. 2 is a flow chart of an embodiment of the method of the present invention.
  • Mode for carrying out the invention
  • the core technical solution of the present invention is: setting a relay device on the client and the server respectively; the two relay devices communicate through a dedicated channel, and all information exchanged between the client and the server is forwarded through the two relay devices to the other side.
  • FIG. 1 is a block diagram showing an embodiment of the apparatus of the present invention.
  • the entire Internet application is divided into two major entity parts: one entity part is the part located in the local area network (LAN) inside the forwarding device (i.e. NAT/proxy/firewall); this entity part is the client. The other entity part is the part located on the Internet outside the forwarding device (i.e. NAT/proxy/firewall); this entity part is the server side.
  • the client includes: The main application component 11 is mainly used to complete the actual functions of the client part of the entire Internet application, such as the VoIP application component and the network conference application component.
  • the server side mainly includes:
  • the target server 14, such as a network telephone server and a web conference server, is the actual destination for completing the entire communication with the client.
  • the apparatus of the present invention includes a relay unit 12 at the client and a relay server 13 at the server end.
  • the relay unit 12 and the relay server 13 communicate by establishing a dedicated channel 15, which is a single TCP/UDP connection, and the port used for the dedicated channel is a port opened by a forwarding device such as a firewall.
  • the relay component 12 and the relay server 13 are configured to establish a logical channel between the main application component and the target server; the logical channel is established on the dedicated channel between the transit component and the transit server; the main application component and the target server communicate through the logical channel established in the transit component and the relay server.
  • Step 201: When the client starts, a dedicated channel is established between the client relay component and the transit server.
  • the dedicated channel can be a single TCP/UDP communication connection, established using an open port of a forwarding device such as a firewall. If the dedicated channel cannot be established in one attempt, the open port of the forwarding device can be detected through two or more heuristic attempts, and the dedicated channel is then established on that open port.
  • the communication of the terminal's TCP/UDP communication ports through the forwarding device is converted into communication through the forwarding device over a single dedicated channel, so as to maintain the original security of the network as much as possible; at most one fixed communication port needs to be opened on the forwarding device to complete the entire communication process, which makes it very easy to penetrate the firewall.
  • the port of the main application component communicates with the port of the target server through the transit component and the relay server, when the main application component port is to communicate with the target server port, the type and number of communication ports need to be established in the transit component and the transit server.
  • the communication data between the main application component port and the target server port is transmitted in the transit component and the transit server through the logical channel corresponding to the port, and finally sent to the other party.
  • the port of the target server may be an open port known to and configured on the main application component, or a port allocated by the target server for the main application component (the allocated port information may be sent to the main application component through the foregoing open port), or a port dynamically negotiated between the main application component and the target server.
  • the process of establishing a logical channel on the transit component and the relay server is the following steps 202 to 207.
  • Step 202: The client main application component first sends a port request to the transit component before sending data to the target server.
  • the port request can be requested in the form of a message (such as a TCP/IP socket message and a message in the form of a Windows message), or can be requested by calling a function.
  • the subsequent data forwarding process corresponds to the port request, and may also use the message form or the call function mode.
  • the data is sent in the form of a port message, the data is returned in the form of a port message; , when returning data, it can be returned as a port message, or it can be returned by a callback function.
  • the port request is performed in the form of a message.
  • the port request here carries the type and number of ports to be requested, and the IP address and port number of the target server to which the main application component will communicate, where the port numbers are 140 and 141.
  • the type and number of ports to be requested correspond to the type and number of ports that the main application component will communicate with.
  • the port type can be a TCP port or a UDP port.
  • the target server port to be communicated is two consecutive UDP ports 140 and 141.
  • the port request also carries the IP address of the main application component and the port information to be communicated with the target server port.
  • the ports are two consecutive UDP ports 110 and 111, and the transit component needs to record the IP address and port number of the main application component and the IP address and port number of the target server.
  • the port request may not carry the IP address and port number of the target server, but in subsequent data communication, the IP address and port number of the target server are carried in the data packet.
  • Step 203: After receiving the port request message, the transit component encapsulates the port request message through the internal protocol between the transit component and the transit server, and then sends the message to the relay server through the dedicated channel. At the same time, the transit component allocates the local port according to the type and number of ports requested in the port request message, that is, allocates two consecutive local UDP ports, which are assumed to be port 120 and port 121, for subsequent packet forwarding. This local port is called the forwarding interface of the transit unit.
  • the internal protocol is a communication protocol with simple encapsulation and decapsulation processing, and the protocol only responds according to the IP address and port number in the packet header, but not to the data portion.
  • the protocol packet can successfully penetrate the forwarding device in both directions when traversing a forwarding device such as NAT that translates the IP address and port number of the header.
  • Step 204: After receiving the port request message sent by the client transit component, the transit server allocates local ports according to information such as the type and quantity of the communication ports included in the request message, that is, allocates two consecutive local UDP ports, assumed to be port 130 and port 131; it then establishes the correspondence among the logical channel number, the transit server IP address and port number, and the target server IP address and port number, that is, the correspondence in the following Table 1, where the IP address of the transit server is assumed to be C and the IP address of the target server is D:
  • the relay server also maintains information such as the auxiliary port information data and communication status in Table 1 in the subsequent process.
  • the transit server also establishes a communication connection between the local port 130 and the port 140 corresponding to the target server, and the local port 131 and the port 141 corresponding to the target server, so as to reach the target server. Transmitting the communication data sent by the client and receiving the communication data sent back to the client by the target server.
  • the transit server may first allocate the port locally, and wait until a packet carrying the IP address and port number of the target server is received, or until the main application component, once it knows the IP address and port of the target server, notifies the relay server, and then establish the correspondence described in Table 1.
  • Step 205: The relay server then returns a response message encapsulated by the internal protocol to the transit component through the dedicated channel 15, including information on whether the port request is successful and, if successful, the IP address of the transit server and the allocated port information, that is, the local port numbers 130 and 131 assigned by the transit server.
  • Step 206: After receiving the response message, the transit component establishes the correspondence among the logical channel number, the IP address and port number of the main application component, the IP address and port number of the transit component, the IP address and port number of the transit server, and the IP address and port number of the target server, as shown in Table 2, assuming that the IP address of the main application component is A and the IP address of the transit component is B:
  • the relay component returns a response message to the main application component, including the contents of Table 2 above. If the port request does not carry the IP address and port of the target server, the transit component here waits until receiving the data packet carrying the IP address and port number of the target server or receiving the notification of the main application component. Establish the correspondence described in Table 2.
  • the main application component can establish a local communication connection between the port 110 to be communicated locally and the port 120 of the transit component, and also establish a client local between the port 111 and the port 121 of the transit component. Communication connection; the main application component can send and receive data through port 110 and port 111.
  • Step 207: The correspondence among the type and number of ports requested by the main application component, the IP address and port of the main application component, the forwarding interface of the transit component, the IP address and port of the transit server, and the IP address and port of the target server acts as a logical channel for the port-to-port communication.
  • with the communication port of the main application component as the starting port, a logical channel that can traverse the forwarding device is established through the transit component and the transit server to the communication port of the target server; that is, the IP addresses and ports through which logical channel 0 passes are: A/port 110 - B/port 120 - dedicated channel 15 - C/port 130 - D/port 140, and the IP addresses and ports through which logical channel 1 passes are: A/port 111 - B/port 121 - dedicated channel 15 - C/port 131 - D/port 141.
  • the transit component and the transit server forward the packets sent by the port of the main application component to the corresponding port of the target server through the logical channels recorded in Tables 1 and 2.
  • the main application component and the target server can communicate using these channels.
  • Step 208: The data sent by the main application component from the port 110 is finally sent to the target server through the logical channel 0, and the data sent from the port 111 is finally sent to the target server through the logical channel 1.
  • the following describes the data transmission process from the main application component to the target server by taking logical channel 0 as an example:
  • the main application component 11 sends the data packet from port 110 to port 120 of the relay component 12 according to the logical channel content in Table 2; the relay component 12 looks up the correspondence in Table 2 according to port 110, and determines that the logical channel for transmitting the data packet is 0 and that the IP address and port of the corresponding transit server are C and 130; it then performs internal protocol encapsulation on the data to be sent, encapsulating the logical channel information corresponding to the data, here the logical channel number 0, into the data packet; the relay component 12 forwards the encapsulated data packet to the relay server 13 through the dedicated channel 15.
  • after receiving the encapsulated data packet, the relay server 13 performs internal protocol decapsulation and obtains the logical channel information, that is, the logical channel number 0, and by looking up Table 1 further obtains the local port 130 and the IP address D and port 140 of the target server. Then the decapsulated data packet is sent through the local port 130 to port 140 of the target server 14, so that port 140 of the target server 14 receives the actual data sent by the client. Similarly, packets sent from port 111 are sent through logical channel 1 to port 141 of the target server.
  • Step 209: When the target server 14 returns a data packet to the main application component 11, a data packet returned from port 140 is finally sent to port 110 of the main application component 11 through logical channel 0; a data packet returned from port 141 is finally sent to port 111 of the main application component 11 through logical channel 1.
  • The following describes the data transmission process from the target server to the main application component, taking logical channel 0 as an example.
  • The target server returns a data packet from port 140 to port 130 of the transit server 13. The transit server looks up the correspondence in Table 1 and determines that the logical channel of the data is 0. It then performs internal protocol encapsulation on the data packet to be sent, encapsulating the logical channel information corresponding to the data packet, here logical channel number 0, into the data packet, and forwards the encapsulated data packet to the transit component 12 through the dedicated channel 15.
  • After receiving the encapsulated data packet, the transit component 12 performs internal protocol decapsulation to obtain the logical channel information, that is, the logical channel number, and by querying Table 2 obtains its local port 120 and the IP address A and port number 110 of the main application component.
  • The decapsulated data packet is then sent through local port 120 to port 110 of the main application component 11, so that the port of the main application component receives the actual data returned by the target server.
  • The main application component initiates a port request to the transit component by a function call and also transmits the data by function call.
  • The function call for the port request includes the requested port type and number, as well as port parameters indicating the port numbers of the main application component that send the data, such as port 110 and port 111.
  • In step 203, after receiving the port request message, the transit component encapsulates the port request message using the internal protocol between the transit component and the transit server, and then sends the message to the transit server through the dedicated channel. At the same time, the transit component allocates local ports according to the type and number of ports requested in the port request message, that is, it allocates two consecutive local UDP ports, assumed to be port 120 and port 121, for subsequent packet forwarding.
  • There can be two callback functions, used to return data to port 110 and port 111 respectively; or there can be a single callback function, in which case a port parameter in the callback function must indicate the port number, 110 or 111, to which the data is returned.
  • The ports or callback functions assigned by the transit component may be collectively referred to as forwarding interfaces used by the transit component to forward data. There are two forwarding interfaces here, designated forwarding interface 0 and forwarding interface 1.
  • After receiving the response message, the transit component establishes the logical channel number, the IP address and port number of the main application component, the IP address and forwarding interface number of the transit component, the IP address and port number of the transit server, and the IP address of the target server.
  • The IP address of the main application component is A
  • The IP address of the transit component is B:
  • The transit component returns a response message to the main application component, including the contents of Table 3 above.
  • With the communication port of the main application component as the starting port, a logical channel that can traverse the forwarding device is established through the transit component and the transit server to the communication port of the target server. The IP addresses and ports through which logical channel 0 passes are: A/port 110 - B/forwarding interface 0 - dedicated channel 15 - C/port 130 - D/port 140. The IP addresses and ports through which logical channel 1 passes are: A/port 111 - B/forwarding interface 1 - dedicated channel 15 - C/port 131 - D/port 141.
  • The transit component and the transit server forward the packets sent by the main application component's ports to the corresponding ports of the target server through the logical channels recorded in Table 1 and Table 2.
  • In step 208, the data sent by the main application component from port 110 is passed to the transit component 12 by a function call, and the transit component 12 finally sends the data packet to port 140 of the target server 14 through logical channel 0; similarly, the data sent from port 111 is finally sent to port 141 of the target server 14 through logical channel 1.
  • The data packet sent from port 140 is finally sent to port 110 of the main application component 11 through logical channel 0. When the transit component forwards the data, it can forward it through port 120, through callback function 0, or through the callback function whose port parameter indicates port 110; similarly, the packet sent from port 141 is finally sent to port 111 of the main application component 11 via logical channel 1.
  • The ports requested by the main application component fall into several cases, typically three: 1) a single TCP port; 2) a single UDP port; 3) two consecutive UDP ports. Dedicated standardized processing modules can therefore be provided on the transit server for these cases. For example, module 1 is dedicated to assigning a single TCP port, module 2 to assigning a single UDP port, and module 3 to allocating two consecutive UDP ports; calling the appropriate processing module directly when performing port allocation makes the process more integrated and improves processing efficiency.
  • Step 202 to step 207 may be executed repeatedly, calling the standard processing module to allocate ports each time, so that multiple ports are established respectively.
  • In step 202 to step 207, the allocation of two consecutive UDP ports is completed using module 3, and two UDP logical channels are established correspondingly.
  • The cases into which the requested ports are divided are not limited to the above three types and may be extended according to actual application changes.
  • A dedicated standardized processing module may be configured for each case to perform port allocation, making the process more integrated and improving processing efficiency.
  • The client main application component can also use the port number assigned by the transit server to complete the communication port negotiation process through the corresponding complex communication protocol of the main application component (for example, H.323, SIP, MGCP, H.248/MeGaCo, etc.). There are two situations in which the negotiation process is implemented:
  • The transit component and the transit server do not support the complex protocols of the main application component that require parsing the contents of the packet to transmit data (for example, protocols such as H.323, SIP, MGCP, H.248/MeGaCo).
  • A conversion module is further disposed in the main application component, and is configured to convert the negotiated IP address and port of the main application component, carried in the data part of the data packet of the complex protocol, into the IP address and port of the corresponding transit server. For example, if the negotiation port number of the main application component is 110, the IP address and port 110 of the main application component are replaced with the IP address and port number 130 of the transit server, and the data packet is sent to the target server through the corresponding reverse channel 0. The target server obtains the IP address and port 130 of the transit server from the data portion of the data packet and returns the negotiation response to port 130 of the transit server; the response returns to the main application component through logical channel 0, and the negotiation process ends.
  • The transit component or the transit server supports the complex protocol of the main application component that requires parsing the data packet content to transmit data.
  • The conversion module is placed in the transit component or transit server that supports the complex protocol, and is used to parse the data packets from the main application component and convert the IP address and port into the IP address and port of the corresponding transit server. The converted data packet is sent to the target server, which processes the same communication protocol as the main application component, obtains the IP address and port of the transit server from the data portion of the data packet, and returns the negotiation response to that port of the transit server; the response then returns to the main application component through the corresponding logical channel, and the negotiation process ends.
  • When the client is closed, the client first sends a revocation port message to the transit server, requesting that the logical channel connections be closed, and then tears down the dedicated channel 15 established with the transit server and releases all related resources; similarly, when the server is closed, the transit server sends a revocation port message to the client, requesting that the logical channel connections be closed, and then removes the dedicated channel 15 established with the transit component and releases all related resources.
  • The information exchanged between the main application component and the target server can successfully penetrate the forwarding device introduced between the private network and the public network, for the following reasons.
  • When the forwarding device is a firewall: the port-to-port logical channels cross the firewall over the dedicated channel 15, which is a single TCP or UDP connection whose port is an open port of the firewall, so the information between the main application component and the target server successfully penetrates the firewall.
  • The interaction protocol used is only a simple internal protocol and is generally not hindered by the forwarding device, so that communication successfully penetrating the forwarding device can be achieved.
  • When the forwarding device is a NAT/proxy server: because the interaction protocol between the transit component and the transit server is only a simple internal protocol, it does not, like complex protocols (such as the H.323 and SIP protocols), return responses based on a source IP address and port carried in the packet data; instead it returns responses based on the source IP address and port in the packet header.
  • The IP address and port in the header are translated by the NAT/proxy server, so the returned response can successfully penetrate the NAT/proxy server, enabling smooth communication between the main application component and the target server.
  • When the forwarding device is a proxy server, such as an HTTP/SOCKS4/SOCKS5 proxy server, the function of the proxy protocol is relatively easy to implement in the transit component of the client, so even if the main application component does not support the proxy protocol, the proxy server can still be used and the interaction information successfully penetrates it.
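The forwarding described in steps 208 and 209 can be sketched as follows; this is an added example, not code from the patent. The 4-byte header layout, the class and function names and the single `Row` record standing in for Tables 1 and 2 are assumptions, while the addresses A to D and the port numbers are the ones used above; frames or packets that match no table row are rejected instead of forwarded.

```python
import struct
from dataclasses import dataclass

# Assumed internal-protocol header (the patent does not define one):
# 2-byte logical channel number, 2-byte payload length, network byte order.
HEADER = struct.Struct("!HH")


class ChannelError(Exception):
    """Frame or packet that matches no table row; the caller should drop it."""


def encapsulate(channel: int, payload: bytes) -> bytes:
    if len(payload) > 0xFFFF:
        raise ChannelError("payload too large for one frame")
    return HEADER.pack(channel, len(payload)) + payload


def decapsulate(frame: bytes) -> tuple[int, bytes]:
    if len(frame) < HEADER.size:
        raise ChannelError("truncated header")
    channel, length = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if len(payload) != length:
        raise ChannelError("length field does not match payload")
    return channel, payload


@dataclass(frozen=True)
class Row:
    """One logical channel as recorded at both ends (Tables 1 and 2)."""
    channel: int
    app: tuple[str, int]      # main application component, e.g. ("A", 110)
    component_port: int       # transit component local port, e.g. 120
    server_port: int          # transit server local port, e.g. 130
    target: tuple[str, int]   # target server, e.g. ("D", 140)


class TransitComponent:
    def __init__(self, rows):
        self.by_app = {r.app: r for r in rows}
        self.by_channel = {r.channel: r for r in rows}

    def to_server(self, src, data):
        """Client side of step 208: look up the source port, then encapsulate."""
        row = self.by_app.get(src)
        if row is None:
            raise ChannelError(f"no logical channel for source {src}")
        return encapsulate(row.channel, data)

    def from_server(self, frame):
        """Client side of step 209: decapsulate, then pick the local delivery."""
        channel, data = decapsulate(frame)
        row = self.by_channel.get(channel)
        if row is None:
            raise ChannelError(f"unknown logical channel {channel}")
        return row.component_port, row.app, data


class TransitServer:
    def __init__(self, rows):
        self.by_channel = {r.channel: r for r in rows}
        self.by_return = {(r.server_port, r.target): r for r in rows}

    def from_component(self, frame):
        channel, data = decapsulate(frame)
        row = self.by_channel.get(channel)
        if row is None:
            raise ChannelError(f"unknown logical channel {channel}")
        return row.server_port, row.target, data

    def to_component(self, local_port, src, data):
        # Only the target registered for this local port may use the channel.
        row = self.by_return.get((local_port, src))
        if row is None:
            raise ChannelError(f"{src} is not bound to port {local_port}")
        return encapsulate(row.channel, data)


# Constructed sample rows using the page's addresses A-D and port numbers.
ROWS = [Row(0, ("A", 110), 120, 130, ("D", 140)),
        Row(1, ("A", 111), 121, 131, ("D", 141))]
```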
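The conversion module described above, which replaces the negotiated address and port of the main application component with those of the transit server, can be illustrated on an SDP body such as SIP carries; this is an added example, not code from the patent. The function name, the mapping and the sample addresses are constructed, with ports 110/111 and 130/131 taken from the text; the rewrite works per SDP field, so the `110` that appears elsewhere in the body is left alone, and an endpoint without a logical channel is rejected.

```python
# Constructed mapping: negotiated endpoint of the main application component
# -> endpoint of the transit server for the same logical channel.
MAPPING = {
    ("192.168.1.10", 110): ("203.0.113.5", 130),
    ("192.168.1.10", 111): ("203.0.113.5", 131),
}

# Constructed SDP body; the o= line also contains "110" and the private address.
SDP = "\r\n".join([
    "v=0",
    "o=alice 110 110 IN IP4 192.168.1.10",
    "s=-",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 110 RTP/AVP 0",
    "a=rtpmap:0 PCMU/8000",
    "",
])


def rewrite_sdp(body: str, mapping: dict) -> str:
    """Rewrite the c=/m= endpoints of an SDP body using the channel mapping."""
    orig = body.split("\r\n")
    out = list(orig)

    # Section 0 is session level; each m= line opens a media section.
    sections = [[]]
    for i, line in enumerate(orig):
        if line.startswith("m="):
            sections.append([])
        sections[-1].append(i)

    def conn_index(section):
        return next((i for i in section if orig[i].startswith("c=IN IP4 ")), None)

    session_c = conn_index(sections[0])
    for section in sections[1:]:
        m_i = section[0]
        media, port, rest = orig[m_i][2:].split(" ", 2)
        # A media-level c= line overrides the session-level one.
        c_i = conn_index(section)
        if c_i is None:
            c_i = session_c
        if c_i is None:
            raise ValueError(f"no connection address for {orig[m_i]!r}")
        addr = orig[c_i].split(" ")[2]
        try:
            new_addr, new_port = mapping[(addr, int(port))]
        except KeyError:
            raise ValueError(f"no logical channel for {addr}:{port}") from None
        new_c = f"c=IN IP4 {new_addr}"
        if out[c_i] != orig[c_i] and out[c_i] != new_c:
            raise ValueError("media sharing one c= line map to different servers")
        out[c_i] = new_c
        out[m_i] = f"m={media} {new_port} {rest}"
    # The o= line identifies the session origin and is deliberately not rewritten.
    return "\r\n".join(out)
```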

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

This apparatus for communication between a client and a server is used with a communication system comprising a client, a server and a transmission device. The apparatus comprises a transfer unit that establishes a private channel penetrating to the server and establishes a communication channel between the client and itself, before establishing a logical channel, based on the private channel, between the client and the server. A transfer server establishes a private channel penetrating to the transfer unit and establishes a link between the server and itself, before establishing a logical channel, based on the private channel, between the client and the server. Communication between the client and the server is thus provided through the transmission unit.
PCT/CN2006/002574 2005-09-29 2006-09-29 Apparatus, system and method for communication between a client and a server WO2007036160A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
BRPI0616627-0A BRPI0616627A2 (pt) 2005-09-29 2006-09-29 Equipment, system and method for communication between client and server side

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005101080610A CN100477636C (zh) 2005-09-29 2005-09-29 Apparatus and method for communication between a client main application component and a target server
CN200510108061.0 2005-09-29

Publications (1)

Publication Number Publication Date
WO2007036160A1 true WO2007036160A1 (fr) 2007-04-05

Family

ID=37899382

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/002574 WO2007036160A1 (fr) 2005-09-29 2006-09-29 Apparatus, system and method for communication between a client and a server

Country Status (4)

Country Link
CN (1) CN100477636C (fr)
BR (1) BRPI0616627A2 (fr)
RU (1) RU2396716C2 (fr)
WO (1) WO2007036160A1 (fr)

Also Published As

Publication number Publication date
RU2008115139A (ru) 2009-11-10
BRPI0616627A2 (pt) 2011-06-28
CN1941738A (zh) 2007-04-04
RU2396716C2 (ru) 2010-08-10
CN100477636C (zh) 2009-04-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1446/CHENP/2008

Country of ref document: IN

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2008115139

Country of ref document: RU

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO 112(1) EPC OF 130808

122 Ep: pct application non-entry in european phase

Ref document number: 06791160

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: PI0616627

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20080331